Using BMC Defender Agent for Windows
At many sites, using BMC Defender Agent for Windows requires only that you install it:
- BMC Defender Agent for Windows does not require program maintenance.
- It does not interfere with other system processes.
- The system configuration file is ready to run. It requires no customization other than the destination syslog host supplied by the installation.
However, the WTS programs have various command-line options and capabilities available to general users, which are documented in this section. Specifically, the CO-sysmsg.exe program has a comprehensive configuration file that is easy to understand. The service is designed to be easily modified and configured, for example to monitor streaming log files. The sendlog.exe program is supplied specifically so that you can send arbitrary syslog messages and to support user scripting. For example, the sendlog.exe program can easily be incorporated into any Windows batch file to send notifications to the BMC Defender (or other) syslog server.
Section summary and additional notes
- The BMC Defender Syslog Message Service monitors Windows event logs for changes and sends syslog messages to the destination host.
- The address of the destination host that receives messages is configured in the CO-sysmsg.cnf file, which resides in the same location as the CO-sysmsg.exe program, in the default directory C:\installationDirectory\wintools.
- The CO-sysmsg.cnf file must exist in the aforementioned directory. The file specifies a variety of parameters and configuration items, explained in the next section.
- The CO-sysmsg.exe program, which corresponds to the BMC Defender Syslog Message Service, reads its configuration data only at startup, so changes to the CO-sysmsg.cnf file take effect the next time the service starts.
- The sendlog.exe program is a stand-alone executable that permits programmers to send syslog messages to arbitrary hosts, using arbitrary messages, severities and facility codes.
- The wsendlog.exe program provides the same function as the sendlog.exe program, except that it presents a user-friendly dialog rather than a command-line interface.
- Setting the SIGMA_ENCRYPT_DATA environment variable to any value causes all data sent by the sendlog.exe program to be encrypted automatically. This is useful only if the target syslog receiver is the BMC Defender system.
- The CO-tsend.exe program is the BMC Defender Tunnel Sender Service, which can be manually installed on one or more Windows platforms to provide secure TCP transmission of syslog and SNMP trap messages to the BMC Defender system.
- The CO-tsend.exe program is not required for proper operation of BMC Defender; however, it might enhance the overall security of a site and handle special firewall and routing issues.
This section provides information about the following topics: